
Re: [suse-security] dns and named in chroot jail



Oh and I should have added that both named and dhcpd should have the
chroot jail under the same folder, like this:

/jail
 -dhcpd
 -named

so you have /jail/dhcpd and /jail/named and their chroot should be /jail. 
I doubt you can have them down as far as /jail/dhcpd and /jail/named, as they
won't be able to go up one level and then down to the other side.


> Your issue is that dhcpd is running as the user dhcpd but the permissions
> on the test.it directory (and I'm assuming the files as well) do not have
> the correct permissions for dhcpd to update it.
>
> If you "chmod 775 test.it" and "chmod 664" the files inside that folder,
> then make the user dhcpd part of the named group, you should be good.
>
>
>> Hi,
>>  I want to configure dhcpd and named in a chroot jail for security reasons.
>>  Dhcpd and named work well, but dhcpd does not update named, and in the
>> log files I have nothing that helps me understand the problem.
>>  I use SUSE Professional 9.1.
>>  I read the document in /usr/share/doc/packages/bind but I do not know
>> where the problem is.
>>  Could you help me ?
>>  Best regards,
>>  Cristian Del Carlo.
>
>>
>>  5) /etc/sysconfig/dhcpd
>>  DHCPD_INTERFACE="eth0"
>>  DHCPD_RUN_CHROOTED="yes"
>>  DHCPD_CONF_INCLUDE_FILES="/etc/named.keys"
>>  DHCPD_RUN_AS="dhcpd"
>>  DHCPD_OTHER_ARGS=""
>>  DHCPD_BINARY=""
>>
>>  6) ls -al /var/lib/named
>>  drwxr-xr-x 2 named named 4096 Sep 28 18:54 test.it
>
>
>
>
> --
> Check the headers for your unsubscription address
> For additional commands, e-mail: suse-security-help@xxxxxxxx
> Security-related bug reports go to security@xxxxxxx, not here
>
>
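
The permission reasoning in the quoted reply, as an added example that is not part of the original thread: it evaluates an `ls -l` line the way POSIX picks a permission class, using the `test.it` listing from the post and a constructed line for the state after `chmod 775`. The function names `can_update` and `report` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Decide from one `ls -l` line whether a
# user may create or replace files in a directory, which needs both write and
# search (x) permission on that directory.
# usage: can_update "<ls -l line>" <user> "<space-separated groups of user>"
can_update() {
    line=$1 user=$2 ugroups=$3
    # Fields of an ls -l line: mode, link count, owner, group, rest.
    read -r mode links owner group rest <<EOF
$line
EOF
    # Exactly one class applies: owner if the user owns it, else group if the
    # user is a member, else other. A later class never adds rights.
    if [ "$user" = "$owner" ]; then
        bits=$(printf '%s' "$mode" | cut -c2-4)
    else
        bits=$(printf '%s' "$mode" | cut -c8-10)
        for g in $ugroups; do
            if [ "$g" = "$group" ]; then
                bits=$(printf '%s' "$mode" | cut -c5-7)
                break
            fi
        done
    fi
    # x may also show as s (setuid/setgid) or t (sticky) when the bit is set.
    case $bits in
        ?w[xst]) return 0 ;;
        *)       return 1 ;;
    esac
}

report() {
    if can_update "$1" "$2" "$3"; then
        echo "user $2 (groups: $3) can update:    $1"
    else
        echo "user $2 (groups: $3) cannot update: $1"
    fi
}

BEFORE='drwxr-xr-x 2 named named 4096 Sep 28 18:54 test.it'  # listing from the post
AFTER='drwxrwxr-x 2 named named 4096 Sep 28 18:54 test.it'   # constructed: after chmod 775

report "$BEFORE" dhcpd "dhcpd"        # other class r-x: no write
report "$AFTER"  dhcpd "dhcpd"        # chmod alone: still the other class
report "$AFTER"  dhcpd "dhcpd named"  # group class rwx applies
report "$BEFORE" named "named"        # owner class rwx applies
```

The second case is the one to watch for: changing the mode without the group membership leaves dhcpd in the "other" class, so both steps are needed.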

